support OmniAuth 2.0 series #16

Open
koshilife opened this issue Mar 9, 2021 · 1 comment


@koshilife

OmniAuth 2.0 was released; it resolves the CSRF vulnerability CVE-2015-9284, and some behaviors changed.

See the release notes below for details.
https://github.com/omniauth/omniauth/releases/tag/v2.0.0

If an OmniAuth Strategy has overridden callback_url, it needs to follow the changes because of
the callback_path changes.

I think this library is also the target.
https://github.com/ginjo/omniauth-slack/blob/master/lib/omniauth/strategies/slack.rb#L199

When using OmniAuth 2.0 and script_name, the redirect URL now includes the script_name twice, so a redirect URL mismatch error might occur.

I suggest this library release 2 versions to correspond to the OmniAuth 1.x and 2.0 series.

  • Release 2.5.1 (bumped micro version) to support OmniAuth 1.x.
  • Release 3.0.0 (bumped major version) to support the OmniAuth 2.0 series.

I’m going to make pull requests.
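
The mismatch described in the issue above, as an added example that is not part of the original post and is not OmniAuth or omniauth-slack code. It is a simplified model that assumes, per the issue, that from 2.0 on `callback_path` already carries `script_name`; the class names, host, mount point, path and version strings are constructed.

```ruby
require "uri"

# Simplified model of the behaviour described in the issue; NOT OmniAuth code.
# Assumption (from the issue): from 2.0 on, callback_path already carries script_name.
class ModelStrategy
  attr_reader :full_host, :script_name, :version

  def initialize(full_host:, script_name:, omniauth_version:)
    @full_host = full_host
    @script_name = script_name
    @version = Gem::Version.new(omniauth_version)
  end

  def v2?
    version >= Gem::Version.new("2.0.0")
  end

  def callback_path
    path = "/auth/slack/callback" # constructed path
    v2? ? script_name + path : path
  end
end

# Override written against 1.x: it prepends script_name itself.
class LegacyOverride < ModelStrategy
  def callback_url
    full_host + script_name + callback_path
  end
end

# Override that prepends script_name only where callback_path lacks it.
# A real strategy would gate on OmniAuth::VERSION, not a constructor argument.
class VersionAwareOverride < ModelStrategy
  def callback_url
    full_host + (v2? ? "" : script_name) + callback_path
  end
end

# Regression check: does the URL path start with script_name twice?
def doubled_script_name?(url, script_name)
  return false if script_name.empty?
  URI(url).path.start_with?("#{script_name}#{script_name}/")
end

# Constructed sample values.
HOST = "https://app.example.test"
MOUNT = "/myapp"
REGISTERED = "https://app.example.test/myapp/auth/slack/callback"
```

A check like `doubled_script_name?` fits in a strategy's test suite, run once per supported OmniAuth series with the app mounted under a non-empty `script_name`.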

koshilife added a commit to koshilife/omniauth-slack that referenced this issue Mar 10, 2021
@koshilife

I opened two PRs (#17 #18)
Could you review these?
